A
You're listening to the Cyberwire network. Powered by N2K.
B
The DMV has established itself as a top-tier player in the global cyber industry. DMV Rising is the premier event for cyber leaders and innovators to engage in meaningful discussions and celebrate the innovation happening in and around the Washington, D.C. area. Join us on Thursday, September 18th to connect with the leading minds shaping our field and experience firsthand why the Washington, D.C. region is the beating heart of cyber innovation. Visit DMVRising.com to secure your spot.
At Thales, they know cybersecurity can be tough and you can't protect everything, but with Thales you can secure what matters most. With Thales' industry-leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most: applications, data and identity. That's Thales, T-H-A-L-E-S. Learn more at
We've got your Patch Tuesday update. A data leak sheds light on North Korean APT Kimsuky. Apple introduces Memory Integrity Enforcement. Ransomware payments have dropped sharply in the education sector this year. A top NSC official warns ICS security lags behind, and a senator calls US cybersecurity a hellscape. A Ukrainian national faces federal charges and an $11 million bounty for allegedly running multiple ransomware operations. Our guest is Jake Braun, sharing the latest on Project Franklin. And WhoFi makes Wi-Fi a new spy.
It's Wednesday, September 10, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing.
Thanks for joining us here today. It's great as always to have you with us. Yesterday was Patch Tuesday. Microsoft issued fixes for 86 vulnerabilities across Windows and its products.
Several of these carry a "likely exploitation" label, and among them are two publicly disclosed zero-day flaws, including an especially serious one that enables SMB relay attacks and privilege escalation, though mitigations like server signing and Extended Protection for Authentication can help shield systems. Adobe also released patches addressing nearly two dozen vulnerabilities across nine products, including critical flaws in ColdFusion and Commerce. In the industrial space, Rockwell Automation led the ICS Patch Tuesday with eight high-severity advisories, joined by updates from Siemens, Schneider Electric and Phoenix Contact. Finally, Fortinet, Ivanti and Nvidia rolled out security updates tackling high-severity issues that risk remote code execution, privilege escalation, data exposure and configuration tampering.
A new analysis of a 9-gigabyte leaked data set has shed light on North Korean APT Kimsuky, also known as APT43. The data reveals development of interactive malware, a Linux rootkit and phishing infrastructure, along with reconnaissance via OCR commands and logs tied to compromised Taiwanese government and academic IPs. Researchers also linked the group's operations to Chinese support, targeting South Korea and Taiwan with GPKI and credential theft campaigns. Experts recommend monitoring NASAM artifacts, OCR tool use, phishing domains and PAM SSH logs for signs of intrusion.
Apple has introduced Memory Integrity Enforcement in its new iPhone 17 and iPhone Air running iOS 26. The always-on security feature is designed to protect against advanced spyware attacks that exploit memory safety flaws, a common tactic of mercenary spyware vendors. These firms, while claiming to serve governments, often sell tools to authoritarian regimes targeting journalists, activists and dissidents. MIE leverages ARM's advanced memory tagging extension, secure memory allocators and strict confidentiality enforcement to defend the kernel, Safari and Messages.
Apple reports that MIE disrupts exploit chains early, leaving attackers with limited options and fragile strategies. Ivan Krstić, Apple's head of security engineering, said MIE will raise costs for spyware developers and reshape memory safety defenses. Meanwhile, Google unveiled Advanced Protection mode for Android users.
ChillyHell is a sophisticated modular backdoor targeting macOS, active since 2021 yet largely undetected by antivirus tools. First noted in a private Mandiant report, the malware resurfaced this year when Jamf Threat Labs uncovered a notarized sample hosted on Dropbox. Written in C, it masquerades as a legitimate app but functions as a stealthy implant, profiling systems, enumerating users and persisting via launch agents, launch daemons, or shell profile injection. It uses timestomping to mask activity and supports DNS and HTTP C2 channels. ChillyHell's modular design allows attackers to deploy reverse shells, update itself, load payloads and brute-force local accounts. Its persistence, flexibility and developer-side notarization highlight growing sophistication in macOS threats. Jamf researchers stress this case as proof that Apple's notarization checks, while helpful, aren't infallible, and that macOS users face increasingly Windows-like levels of adversary attention.
A new report from Sophos shows ransomware demands and payments have dropped sharply in the education sector in 2025, reflecting stronger defenses and faster recovery. Average ransom demands fell 74% in lower education and 80% in higher education, with payments plummeting 88% and 90%, respectively. Recovery costs also declined dramatically. Institutions are also recovering faster: over half restored operations within a week, compared to just 30% in 2024. Encryption success rates hit a four-year low. Only 29% of lower education incidents and 58% in higher education resulted in data encryption. Improved detection meant most attacks were stopped before the damage occurred.
Phishing was the leading cause in lower education, while vulnerability exploitation dominated in higher education. Researchers note attackers may now favor smaller, quicker payouts over large ransom demands.
At this week's Billington Cybersecurity Summit, Alexei Bulazel, the top cyber official at the National Security Council, warned that US critical infrastructure lags far behind modern smartphones in security technology. He highlighted the energy sector, which relies heavily on SCADA systems, as particularly vulnerable to disruptions like power outages. Bulazel argued that if infrastructure systems had protections comparable to iPhones or Android devices, only the most advanced threat actors could penetrate them. As a White House policymaker, he stressed that raising the technical baseline would eliminate many security challenges. While the Trump administration supports offensive cyber operations, Bulazel emphasized a stronger focus on defensive strategies and secure-by-design principles. He echoed National Cyber Director Sean Cairncross in urging a shift from viewing organizations as victims to holding adversaries accountable, noting that hackers are intentional actors, not natural disasters.
Meanwhile, at a Washington, D.C. event held by Politico, Senator Angus King warned that U.S. cybersecurity is a "hellscape" made worse by government cuts. Citing staff reductions at the State Department, Justice Department and especially CISA, which he said has lost 30% of its workforce and key leaders, King argued the US is unilaterally disarming as cyberattacks on infrastructure and businesses surge, and criticized the elimination of CISA's public-private partnerships office. DHS official David Harvlich pushed back, saying simply hiring more staff isn't the solution, and praised new leadership appointments.
Ukrainian national Volodymyr Tymoshchuk, age 28, faces federal charges and an $11 million bounty for allegedly running the LockerGoga, MegaCortex and Nefilim ransomware operations, which caused an estimated $18 billion in global damages. Prosecutors say he targeted over 250 U.S. companies and hundreds more worldwide, including Norsk Hydro in its 2019 attack, which disrupted 35,000 employees across 40 countries and cost $81 million. Tymoshchuk allegedly used tools like Cobalt Strike, Metasploit and stolen credentials to infiltrate networks, often lying dormant before deploying ransomware. He faces seven counts, including computer fraud and extortion, and could receive life imprisonment if convicted. Nefilim, his later operation, followed an affiliate model targeting large firms with revenues above $100 million, while Tymoshchuk remains at large. One of his affiliates, Artem Stryzhak, was extradited to the US back in April 20.
Coming up after the break, our guest Jake Braun shares the latest on Project Franklin, and WhoFi makes Wi-Fi a new spy. Stick around.
Compliance regulations, third-party risk, and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you're thinking there has to be something more efficient than spreadsheets, screenshots and all those manual processes, you're right. GRC can be so much easier, and it can strengthen your security posture while actually driving revenue for your business. You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates key compliance, internal and third-party risk, and even customer trust, so you're not buried under spreadsheets and endless manual tasks. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical. A recent IDC analysis found that compliance teams using Vanta are 129% more productive.
That's a pretty impressive number. So what does it mean for you? It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business. Vanta GRC: just imagine how much easier trust can be. Visit vanta.com/cyber to sign up today for a free demo. That's V-A-N-T-A dot com slash cyber.
A
When did making plans get this complicated? It's time to streamline with WhatsApp, the secure messaging app that brings the whole group together. Use polls to settle dinner plans, send event invites and pin messages so no one forgets Mom's 60th, and never miss a meme or milestone, all protected with end-to-end encryption. It's time for WhatsApp. Message privately with everyone. Learn more at WhatsApp.com.
B
Jake Braun is a longtime DEFCON organizer and former White House official. I recently sat down with him to discuss the latest on Project Franklin.
C
First off, thanks for having me. I love your podcast. It's super interesting, and I think the way you boil stuff down for the average person is really helpful for me and many others. So thanks for everything you're doing to get the word out here. Project Franklin was started by myself and Jeff Moss, the founder of DEF CON, actually, over dinner in Munich on the margins of the Munich Security Conference a couple years ago, right before I left the White House, and we talked about how we wanted to create opportunities and a platform for the DEF CON community to get more engaged in civil society issues. And so as we were thinking about this, we were thinking about, gee, what would be a name for something that would evoke this idea of both a commitment to scientific inquiry, like of course the DEF CON community has, but also an aspiration towards more civic engagement. And of course, we thought of one of the founders of America, Benjamin Franklin, who, as we all know, was a great scientist in the work that he did on electricity and bifocals and musical instruments and so many, many other things that you've never even heard of. But the litany of his scientific contributions is legend. And then also obviously, you know, incredibly civically minded. He was, you know, one of the signers of the Declaration of Independence, was the US representative to London for years. He was the head of the abolitionist movement in Pennsylvania in the twilight of his career. And so we thought, what better name to evoke both this commitment to science and civic engagement than Franklin? And that's why we call it Project Franklin.
B
Well, and your goal, or certainly one of your outlined goals here, is to help defend U.S. water systems. Could you describe to us what the specific challenges are that water systems face?
C
Here in the US, this was something again that I was tipped off to while I was at the White House and worked on extensively. The initial volley to kind of understand how insecure the sector is was Volt Typhoon, where we know that the Chinese are pre-positioning on critical infrastructure that supports military installations around the country, so water, power, et cetera, so that in the event of war over Taiwan, they can shut off the water or the power for military installations that need to work at that moment in time of conflict over Taiwan. And so they want to slow our response. So I wound up working on this extensively while I was at the White House and realized that on top of the civilian utilities that support military installations, there's tens of thousands of others that the federal government does not spend most of its time and energy trying to secure, and without a civil society response, meaning hackers at DEF CON volunteering their time to provide free support to water utilities, they would have no cybersecurity support but for these volunteers. So Jeff and I set out to recruit volunteers from DEF CON to provide free cyber support for water utilities around the country. We got money from a couple different areas to help pay for people to organize the volunteers and so on. Craig Newmark, that's Craig from Craigslist, was one of the main ones who provided support for it. So we hired a few staff to recruit and deploy volunteers to these water utilities. We had so many people sign up, I think 350 over the course of just a couple weeks, that we had to shut down signups because we had so many people sign up. We couldn't even take in all the people who were offering to help. And then we partnered with the National Rural Water Association, and forget the word rural, really, they support most of the small water utilities, even if they're not in rural areas.
And they started to identify water utilities that wanted to be guinea pigs and take our free help. And so we started out with five utilities and over the course of about 9, 10 months had assigned volunteers to them and started working on improving their cybersecurity. Everything from the real basics like changing default passwords and turning on multi-factor authentication to more advanced stuff like helping them identify how to do asset inventory and create incident response plans and things like that. So that's the major kind of piece of volunteerism we have for DEF CON Franklin supporting water utilities. We also create or produce the Hackers' Almanac now every year, just like Benjamin Franklin produced Poor Richard's Almanack, where we identify the best and brightest innovations or findings from DEF CON and produce it into an annual report. So anyway, I'll pause there.
B
Well, for the members of our audience who might be interested in volunteering, what are the expectations or what sort of types of expertise are you looking to have join the program?
C
So we are generally taking people with a good amount of experience. You don't have to have a lot of experience to sign up, but the level of qualifications of those who have signed up is so great that we're generally taking people with, you know, 10 years or more experience. Basic network security, in particular OT and IT, is of huge interest. Again, we've wound up taking people with other types of qualifications and so on, but particularly those with IT and OT are of keen interest to us because, of course, all water utilities have both IT and OT.
B
Where do you hope that this goes? What's your vision for the future here?
C
Well, a couple different things. One is we're trying to find ways to scale this. So we've had some vendors like Dragos and others that have offered to give us free tools that we could provide to the water utilities that can help them scale, help us scale from not a handful, but hundreds and thousands more quickly. So we're hoping to do that. And then two, in terms of volunteers down the road, what I would love to get us to a point to is, you know, we have a volunteer from Allamakee County, Iowa, which is a county of like 10,000 people in the northeastern-most county in Iowa. I don't think that they likely have a person who's a cyber expert who lives there, because if that person does, they probably left to go get a job in Chicago or San Francisco or New York or wherever there's a big tech hub. But I bet there's somebody from Allamakee County, Iowa who lives in Chicago or San Francisco or New York who would happily be our volunteer for that county to provide support for them, do some conference calls, maybe when they're home for the holidays, stopping in person. And so down the road, years from now, I'd love to have us assign people who are from their community to these water utilities, because I think that'll be how we have a long-term, kind of durable, enduring effect on the industry.
B
Do you think that a volunteer program is sustainable over the long haul?
C
I believe so. I think the DEF CON community certainly has an interest in this. I know we did something similar when I was a co-founder of the Voting Machine Hacking Village. We did something similar back then where we got volunteers to support election jurisdictions, and we had the same thing. We had so many people sign up, we didn't know what to do with them. So we know the interest is there from the DEF CON community. Hopefully the interest will continue to be there from philanthropy to support these efforts, because you have to have paid staff to organize the volunteers and work with the utilities and so on. And I think what we've seen from the water utility industry so far is there's only increasing interest in this type of support, and they have no money. So it's not like their options are either hire CrowdStrike to come in and do this or take a Franklin volunteer. Their options are take a Franklin volunteer or do nothing. And so we think that we will be able to provide support hopefully a long time into the future.
B
Yeah, it's interesting to me that I think for a lot of folks when they imagine some sort of threat to critical infrastructure, the first thing that comes to mind is electricity and the lights going out. But water is certainly as critical, if not even more so. But it seems to be unrepresented or underrepresented in the popular imagination.
C
Yeah, I think that water is kind of where power was about a decade or so ago, maybe a little more than a decade. I remember when I was in the Obama administration I was talking to a buddy of mine who worked at the Council on Environmental Quality in the White House, and they were talking about this thing called the smart grid and how they were trying to facilitate expansion of the smart grid because it's more efficient, uses less energy, blah, blah, blah. And I was like, great, are you guys talking about cybersecurity for the smart grid? And the guy was like, it hasn't come up in one meeting or one conversation ever at all. Now that's, of course, not the case anymore. The energy industry has taken the cyber threat very much to heart. It's probably one of the most robust sectors, only beaten by probably finance and the defense industrial base in terms of, you know, what they're doing in terms of cybersecurity for their sector. Water's kind of having that awakening right now. It's been analog for so long, and this kind of digitization of their infrastructure has crept up on them. And so it's not like folks are dumb and didn't think of this. It's that the threat wasn't as prevalent as it is today because so much of their stuff was analog. And so now that things have become more digitized, the threat's more real and we're seeing foreign actors exploit the threat. And so, you know, water's kind of, I think, starting to take up the mantle the way energy did about 10, 15 years ago.
B
That's Jake Braun. We'll have a link to Project Franklin in the show notes.
A
Make your next move with American Express Business Platinum. Enjoy complimentary access to the American Express Global Lounge Collection. And with a welcome offer of 150,000 points after you spend $20,000 on purchases on the card within your first three months of membership, your business can soar to new heights. Terms apply. Learn more at americanexpress.com. Business Platinum. AmEx Business Platinum. Built for business by American Express.
C
Raise the rudders. Raise the sails. Raise the sales. Captain, an unidentified ship is approaching. Over. Roger, wait. Is that an enterprise sales solution? Reach sales professionals, not professional sailors.
B
With LinkedIn ads, you can target the
C
right people by industry, job title, and more. Start converting your B2B audience today. Spend $250 on your first campaign and get a free $250 credit for the next one. Get started today at LinkedIn.com campaign. Terms and conditions apply.
B
And finally, Italian researchers have just turned your Wi-Fi into a nosy roommate. A team at La Sapienza University has developed WhoFi, a system that can identify and re-identify people based on how their bodies distort wireless signals. No phone in your pocket? No problem. The Wi-Fi waves themselves remember you. Unlike cameras, Wi-Fi doesn't care about lighting, can see through walls, and is billed as more privacy-preserving, which is kind of like saying eavesdropping through drywall is more polite than peeking through a window. Using Channel State Information and deep neural networks, WhoFi achieved 95.5% accuracy on test datasets, outperforming earlier efforts. So who needs Face ID or fingerprints when your own body is busy broadcasting its signature through the walls? Privacy may not be dead yet, but it's definitely buffering.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
A
Did you know we can use climate data to predict when and where infectious disease outbreaks will happen? This is just one of the many things we'll be learning about in season three of When Science Finds a Way. I'm Alicia Wainwright and I'm really excited to share our new episodes with you. From making healthy food sustainable to improving global access to vaccines and getting the arts on the global mental health agenda, listen to season three wherever you get your podcasts.
Date: September 10, 2025
Host: Dave Bittner (N2K Networks)
Featured Guest: Jake Braun – DEFCON organizer, co-founder of Project Franklin, former White House official
This episode delivers a comprehensive snapshot of the latest in cybersecurity news, advisories, and expert insights, with special attention to newly disclosed vulnerabilities, evolving ransomware trends, high-profile infrastructure threats, and innovations in privacy-risk technology. The centerpiece interview features Jake Braun, shedding light on Project Franklin’s mission to improve US water utility security through DEFCON volunteerism and civic engagement. The episode balances technical depth with approachable analysis, making it essential listening for practitioners and generalists alike.
“Without a civil society response, meaning hackers at DEFCON volunteering their time to provide free support to water utilities—they would have no cybersecurity support but for these volunteers.” (Jake Braun, 17:45)
“We had so many people sign up we had to shut down signups because we couldn’t even take in all the people who were offering to help.” (Jake Braun, 18:44)
“Down the road, years from now, I’d love to have us assign people who are from their community to these water utilities...” (Jake Braun, 21:18)
“Water’s kind of, I think, starting to take up the mantle the way energy did about 10, 15 years ago.” (Jake Braun, 25:17)
| Segment | Timestamp |
|--------------------------------------------|-------------|
| Patch Tuesday summary | 00:14–04:00 |
| North Korean APT Kimsuky leak | 04:00–05:00 |
| Apple/Google mobile security innovations | 05:00–06:00 |
| macOS "ChillyHell" malware | 06:00–07:00 |
| Ransomware in the education sector | 07:00–08:00 |
| Infrastructure security policy discussion | 08:00–11:00 |
| Ransomware indictment (Tymoshchuk case) | 11:00–13:00 |
| Interview: Jake Braun/Project Franklin | 14:24–25:24 |
| WhoFi Wi-Fi surveillance research | 26:46–28:30 |
The episode balances polite urgency, informed skepticism, and technical clarity, with memorable analogies (e.g., Wi-Fi as a “nosy roommate”) and a civic-minded, accessible tone in the interview. The host and guests maintain an expert-yet-approachable style suitable for both industry professionals and the wider security-curious audience.